tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konstantin Kolinko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MTOMCAT-225) Documented deployment url returns 403 error
Date Thu, 13 Jun 2013 12:05:20 GMT

    [ https://issues.apache.org/jira/browse/MTOMCAT-225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13682166#comment-13682166
] 

Konstantin Kolinko commented on MTOMCAT-225:
--------------------------------------------

> According to the docs, the default values of "http://localhost:8080/manager/html"
> should be used with tomcat7:deploy and tomcat7:deploy-only. However, this will consistently
return 403. 

What documentation? Please be specific.
What are the URLs of incorrect pages?


Searching through the sources, the only file with such an URL that I can find is
\tomcat6-maven-plugin\src\site\apt\examples\deployment-tomcat7.apt.vm
which
 a) is not linked anywhere, so you should not have seen it.
 b) is offtopic in the scope of "tomcat6" plugin, so I think it is a good time to remove if.


Anyway, the Manager GUI URLs (/manager/html) will not work for an automated tool
neither in Tomcat 7 nor in recent versions of Tomcat 6
thanks to CSRF protection for those URLs in the Manager Web Application.
                
> Documented deployment url returns 403 error
> -------------------------------------------
>
>                 Key: MTOMCAT-225
>                 URL: https://issues.apache.org/jira/browse/MTOMCAT-225
>             Project: Apache Tomcat Maven Plugin
>          Issue Type: Bug
>          Components: tomcat7
>    Affects Versions: 2.0, 2.1
>         Environment: Ubuntu 12.04, Linux 3.5.0-26-generic, AMD64, Apache Tomcat/7.0.30,
JVM 1.7.0_21-b02
>            Reporter: Joseph Lust
>            Assignee: Olivier Lamy (*$^¨%`£)
>              Labels: code, docs
>             Fix For: 2.1, 2.2
>
>
> Following the documentation for deployment does not work and is consternating.
> According to the docs, the default values of "http://localhost:8080/manager/html" should
be used with tomcat7:deploy and tomcat7:deploy-only. However, this will consistently return
403.
> Using http://localhost:8080/manager/text however works fine. Testing with /jmxproxy,
/status, and /html do not however succeed, even if all manager permissions are given to the
credentialed user.
> Please update the docs and the defaults so that deployment works as expected out of the
box.
> For more details and reproducible examples, see the SO thread:
> http://stackoverflow.com/questions/9940701/maven-tomcat7deploy-fails-with-access-denied


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message